Digital Library, Podcast, SSL

What is a Secure Socket Layer and why is it needed?

Posted on - 6 min read
Pratham Yogendra
CTO - NexGi
Pratham Yogendra
Content Writer

SSL(Secure Socket Layer) is a form of soft tech that is responsible for maintaining secure communication between two computers on the Internet. 

It uses an SSL certificate with a public key to communicate with the client.

It is an industry-standard that allows a client and a host to transfer and receive sensitive data in a secure manner.

The Communication is based on the HyperText Transfer Protocol and if the channel is secure, then it adds an S in the end, making it HTTPS. The S, here, stands for Secure.

What is an SSL Certificate?

An SSL certificate is a certificate that ensures a website’s security. It enables the use of https over http to ensure an extra security layer.

And, is hosted on the website’s ground zero server and is sent with a public key to the client on request. 

It doesn’t just contain the public key though. And, it contains information about:

  1. The domain name and the sub-domains, it was issued for. 
  2. The device, entity, or person, it was issued for.
  3.  The authority who issued the certificate and its digital signature.
  4. The certificate’s validity from the issue date.

How does an SSL Certificate work?

Think of it this way, you open up your browser and type in the URL

The browser (client) would then send a request for a connection to the server (host) and the server would revert back with a certificate with the public key. 

A public key is a secure encrypted form of data that can only be understood by a private key.

Think of it as a locker’s key split in half where the first half’s design (public key) is distributed to everyone. But, the second half of the key (private key) is securely stored with limited access.

Without the second half of the key, it is impossible to crack the lock. This entire process is also called an SSL handshake.

The browser would then check the certificate’s validity and then send the encrypted data using the public key.

The host would then match its private key with the public key to decrypt the data.

Why do you need an SSL?

Whilst building a digital brand, it is important for you to provide a secure layer of communication to your consumers and vice-versa to hide sensitive information from prying eyes on the Internet.

As a brand, your transactions must be secure, if not the prying eyes would understand your transaction status and would use techniques to divert the funds to their secure accounts.

What are the myths around SSL?

Just as how we were told that “With great power comes great responsibility.,

we’ve learned that on the Internet, “with great technology comes great myths”. And these myths about SSL have been on the Internet for years now. We believe it’s time to finally debunk them.

Here are a few myths about the SSL:


1. Secure Socket Layer encryption is invincible! 

It is often considered that having an SSL Certificate based encryption makes your digital space invincible.But, the reality around the encryption of any form is different. 

Using encryption does make it difficult for hackers to target your website. But, there can be plenty of other loopholes on your website that’d allow the hacker to find a back door.

And, even though HTTPS acts as a reliable trust factor, you’ll have to understand that in some cases, even if your website has an SSL Certificate, it will not stop hacker injections.

2. Secure Socket Layer encryption is expensive!

In the S&M Enterprises stage, brands try to only invest in services whose worth they are sure about. 

And, often brands consider SSL Certificates to be an expensive service. But, honestly speaking, in 2020, obtaining an SSL at a budget-friendly is very easy. In fact, with organizations such as Let’s Encrypt and Symantec in the game, obtaining an SSL Certificate is now a free affair.

Though, you might have to pay for additional security, if you choose to go with Symantec.

3. Using a Login Page SSL only is secure!

Think of it this way, you built a castle. And, to secure it, you would build the most secure entrance in the world. But, to only skip on building a compound wall around it. 

Sounds lame, right?

Well, so does the myth. If you only develop a secure login page and leave the rest of the pages unsecured, the hacker might easily find a backdoor into your digital space.

4. Transitioning to an SSL doesn’t affect SEO!

Though it isn’t a simple fact that installing SSL will help you rank better. To encourage the use of SSL on a wide scale, Google stated HTTPS to be a ranking signal. This transition started a few years ago. 

In the initial days of the transition, it didn’t really affect the SEO for brands who didn’t adopt HTTPS as HTTP was still widely used.

But, with time, it became difficult as brands had to adapt to a new ranking signal. And even though it was just one letter added to the end of HTTP, it made a lot of difference. 

5. Using an SSL slows the website down!

People really believe that though SSL provides an extra layer of security, it slows the website. But, it isn’t a fact. Just because the computer has to encrypt the data and decrypt it, doesn’t it mean it is slow.

In fact, HTTPS is seen to be faster in subtle aspects. The actual reason for the website being slow, though, is the use of heavy plugins and scripts which eat up the loading time.

6. Only eCommerce brands should use an SSL!

Brands often prefer to purchase SSL Certificates, only if they are building an eCommerce website. But, honestly, it really isn’t true. In the modern age, Every site needs to use Secure HTTP.

For instance, if you are a media company with a dedicated user dashboard. And, if you don’t use SSL, you might decrease the time frame and hustle for the hacker to take control of your website or at the least, get a backdoor to your database. 

Though, this database might only contain the users’ names, ages, gender, mobile numbers, and email ids.

The hacker can use it to his advantage to target the user and dig for more information about the same users by diving deep through the Internet. 

This security breach will at the least downgrade your customer experience by 10 folds. Think of it, we stress the fact again that it’s the least-case scenario.

7. Using a Secure Socket Layer doesn’t affect the traffic!

Based on the ability to fully load the site, browsers like chrome segregate the sites on Google’s Index and it affects the statistics and ranking. 

Remember those prompts which your browser shows when you visit a website with an expired SSL Certificate?

Well, the browsers count such factors to determine the site’s reliability and place them on the index accordingly. 

And, if your website falls in the negative area of the index, it might be difficult to passively drive traffic from the search engines.

8. HTTPS Sites cannot be cached!

There’ve been debates about how browsers cannot cache HTTPS websites. But, using response headers does allow the browser to cache the non-sensitive data of the site and use it to load faster.